What Is HIPAA Compliance?


The definition of HIPAA compliance is as straightforward as "obeying HHS legislation to protect Protected Health Information (PHI) from improper disclosure." That is a simple statement, but being compliant requires organizations to follow each of the standards in three or more major "Rules". To make the task even more difficult, a few of those Rules are over 500 pages each.


HIPAA, or the Health Information Portability and Accountability Act, governs the usage and handling of individual PHI.


This manual will not make you HIPAA compliant. It will direct you toward compliance using a plain-English collection of all 71 action items under all the significant Rules.


To be fully compliant, it is vital to read the Rules themselves. We have provided links to each at the end of every section. Nevertheless, the language in them can be dense and legalistic. This manual, by contrast, will help you understand the Rules faster.


Further, it is important that staff be trained in HIPAA compliance. 


Ready to take that step?


Who Has To Be Compliant? 


All of the HIPAA compliance criteria in this manual apply to "covered entities", in other words, businesses and other organizations that use PHI (Protected Health Information). Covered entities include:


- Private Practices
- Clinics
- Dentists
- Psychologists
- Nursing Homes
- Chiropractors
- Pharmacies
- Health Plans
- Clearinghouses


Business Associates of covered entities also have to be compliant. A business associate is any organization that helps a covered entity carry out its healthcare functions.


How to Become HIPAA Compliant


To be HIPAA compliant, a covered entity must follow each of the important HHS compliance rules. These govern Protected Health Information in physical and digital form. They also control how employees and facilities interact with this information, and what to do in the event of a breach. Finally, some of the rules update earlier versions or set penalties for violations.


What Rules Should I Follow? 


HIPAA compliance is determined by following the regulations in the following three Rules. They are not brief, finite rules such as "Do not share PHI" or "Place all sharps in the red biohazard containers". They are long legal documents from HHS, like the instructions that accompany IRS tax forms. The significant compliance rules to follow are:

- The Privacy Rule
- The Security Rule
- The Breach Notification Rule

There is also an Omnibus Rule, an Enforcement Rule, the HITECH Act, and standards governing HIPAA transactions. The remainder of this guide brings together 71 key action items from these rules combined.


The HIPAA Compliance Checklist 


The checklist below provides action items for the HIPAA Privacy, Security, and Breach Notification Rules, and for other compliance functions and standards.

All of the items below are "musts" unless they say to follow them where reasonable. Even in circumstances where adhering to the standard is not "reasonable", organizations frequently must create an alternative way of addressing the matter. In any case, they must document their reasoning for non-compliance.


The services at Patriotmedbill are designed to assure HIPAA compliance in the following way:

- Every employee at Patriotmedbill enters into a confidentiality agreement, the terms of which state that they agree not to use, publish or disclose, or permit others to use, any confidential information they may come in contact with.
- Violation of this agreement warrants termination and legal action.
- Access cards and biometric access screening control entry of employees into the facility. Our facility is manned 24x7 and unauthorized intrusion is practically impossible.
- Access to critical areas such as the server room is restricted, and only authorized personnel have entry rights to these sensitive areas.
- Full Internet/email access is provided only to authorized personnel. Access to computer systems is restricted by logins and passwords, which are unique for every employee.
- Completely paperless environment, mainly for security and, as a consequence, a 'Go-Green' initiative as well.
- Connection to the clients' servers is through secure site-to-site VPN tunnels with 128-bit encryption.
- A dedicated Compliance Officer ensures compliance management processes, which are updated regularly and stringently adhered to.


Visit us for more details: https://patriotmedbill.com/hipaa-compliance.html


